From: Joseph Sutton Date: Wed, 14 Jun 2023 22:00:53 +0000 (+1200) Subject: s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw X-Git-Tag: talloc-2.4.1~372 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1364c205ffd1cfaaba8862a096be82b5d5c5f11;p=thirdparty%2Fsamba.git s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw This more clearly indicates that it is the raw TGT lifetime value straight from the database. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/auth/authn_policy.c b/auth/authn_policy.c index 6d8220adb36..3580f15da43 100644 --- a/auth/authn_policy.c +++ b/auth/authn_policy.c @@ -29,8 +29,8 @@ bool authn_policy_is_enforced(const struct authn_policy *policy) /* Authentication policies for Kerberos clients. */ -/* Get the TGT lifetime enforced by an authentication policy. */ -int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy) +/* Get the raw TGT lifetime enforced by an authentication policy. */ +int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy) { if (policy == NULL) { return 0; @@ -40,7 +40,7 @@ int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_po return 0; } - return policy->tgt_lifetime; + return policy->tgt_lifetime_raw; } /* Authentication policies for NTLM clients. */ diff --git a/auth/authn_policy.h b/auth/authn_policy.h index 5017f7dcd3b..65690ca2c46 100644 --- a/auth/authn_policy.h +++ b/auth/authn_policy.h @@ -29,8 +29,8 @@ struct authn_kerberos_client_policy; -/* Get the TGT lifetime enforced by an authentication policy. */ -int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy); +/* Get the raw TGT lifetime enforced by an authentication policy. */ +int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy); /* Authentication policies for NTLM clients. */ diff --git a/auth/authn_policy_impl.h b/auth/authn_policy_impl.h index 580c2ae9626..6f151b66c6c 100644 --- a/auth/authn_policy_impl.h +++ b/auth/authn_policy_impl.h @@ -38,7 +38,7 @@ bool authn_policy_is_enforced(const struct authn_policy *policy); struct authn_kerberos_client_policy { struct authn_policy policy; DATA_BLOB allowed_to_authenticate_from; - int64_t tgt_lifetime; + int64_t tgt_lifetime_raw; }; struct authn_ntlm_client_policy { diff --git a/source4/kdc/authn_policy_util.c b/source4/kdc/authn_policy_util.c index 14f419848c8..c757e77dbf5 100644 --- a/source4/kdc/authn_policy_util.c +++ b/source4/kdc/authn_policy_util.c @@ -515,7 +515,7 @@ int authn_policy_kerberos_client(struct ldb_context *samdb, } if (authn_attrs.policy->tgt_lifetime != NULL) { - client_policy->tgt_lifetime = ldb_msg_find_attr_as_int64( + client_policy->tgt_lifetime_raw = ldb_msg_find_attr_as_int64( authn_policy_msg, authn_attrs.policy->tgt_lifetime, 0); diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 9195ebf0c59..e220cb30d3b 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -1092,7 +1092,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, const struct authn_kerberos_client_policy *authn_client_policy = NULL; const struct authn_server_policy *authn_server_policy = NULL; - int64_t enforced_tgt_lifetime; + int64_t enforced_tgt_lifetime_raw; ZERO_STRUCTP(entry); @@ -1425,9 +1425,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, } } - enforced_tgt_lifetime = authn_policy_enforced_tgt_lifetime(authn_client_policy); - if (enforced_tgt_lifetime != 0) { - int64_t lifetime = enforced_tgt_lifetime; + enforced_tgt_lifetime_raw = authn_policy_enforced_tgt_lifetime_raw(authn_client_policy); + if (enforced_tgt_lifetime_raw != 0) { + int64_t lifetime = enforced_tgt_lifetime_raw; lifetime /= INT64_C(1000) * 1000 * 10; lifetime = MIN(lifetime, INT_MAX); @@ -1474,7 +1474,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, protected_user = result; - if (protected_user && enforced_tgt_lifetime == 0) + if (protected_user && enforced_tgt_lifetime_raw == 0) { /* * If a TGT lifetime hasn’t been set, Protected Users